fix: ensure we aren't allowing methods other than GET for static files
This commit is contained in:
parent
a9b20fea40
commit
582636ab5a
4 changed files with 50 additions and 1 deletions
|
|
@ -13,6 +13,11 @@ import * as media_types from '@std/media-types';
|
|||
* @returns Either a response (a static file was requested and returned properly) or undefined if unhandled.
|
||||
*/
|
||||
export default async function handle_static_files(request: Request): Promise<Response | undefined> {
|
||||
// we only handle GET on static files
|
||||
if (request.method.toUpperCase() !== 'GET') {
|
||||
return;
|
||||
}
|
||||
|
||||
const url = new URL(request.url);
|
||||
const normalized_path = path.resolve(path.normalize(url.pathname).replace(/^\/+/, ''));
|
||||
if (!normalized_path.startsWith(Deno.cwd())) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue